Vulnerabilities > Zohocorp > Manageengine Netflow Analyzer
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-06-09 | CVE-2015-2961 | Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Netflow Analyzer Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators. | 6.8 |
| 2015-06-09 | CVE-2015-2960 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2015-06-09 | CVE-2015-2959 | Improper Access Control vulnerability in Zohocorp Manageengine Netflow Analyzer Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role. | 7.5 |
| 2014-12-04 | CVE-2014-5446 | Path Traversal vulnerability in Zohocorp Manageengine It360 and Manageengine Netflow Analyzer Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. | 5.0 |
| 2014-12-04 | CVE-2014-5445 | Path Traversal vulnerability in Zohocorp Manageengine It360 and Manageengine Netflow Analyzer Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet. | 5.0 |